Security fixes are currently provided for the latest code on the main branch.

Please do not create a public GitHub issue for security vulnerabilities.

Preferred reporting channel:

• GitHub Security Advisories: Security tab in this repository -> Report a vulnerability

If GitHub Advisories are unavailable for your account, contact the repository owner through GitHub profile channels and include:

• clear reproduction steps,
• affected endpoints/files,
• impact assessment,
• possible mitigation (if known).

1. Acknowledge report receipt.
2. Reproduce and validate the issue.
3. Prepare and test a fix.
4. Publish patch and advisory notes.

Thanks for helping keep the project and users safe.